<?php

namespace app\middleware;

use \yifang\middleware\Middleware_contract;

class Security_xss implements Middleware_contract
{
    /**
     *  处理请求
     */
    public function handle($request, \Closure $next)
    {
        //过滤xss
        $isGet=$request->isGet();
        $isPost=$request->isPost();
        $isPut=$request->isPut();
        if($isGet){
            $param=$request->get();
            array_walk_recursive($param, [$this, 'filterValue']);
            $request->setGet($param);
        }else if($isPost){
            $param=$request->post();
            array_walk_recursive($param, [$this, 'filterValue']);
            $request->setPost($param);
        }else if($isPut){
            $param=$request->put();
            array_walk_recursive($param, [$this, 'filterValue']);
            $request->setPut($param);
        }
        $response=$next($request);
        return $response;
    }

    /**
     * 过滤数据
     * @param $value
     * @param $key
     */
    public function filterValue(&$value,$key){
        if($value && !is_numeric($value) && !is_bool($value)){
            //清理特殊字符
            $value=security()->clean($value);
            $value = clearXss($value);
        }
        return $value;
    }
}


